Entities, in particular large entities having several hundred or thousand employees, receive countless emails in any given day. While these emails often make conducting business simpler and more efficient, they also pose a threat. That is, a portion of these emails may contain malicious content (e.g., links or attachments) that may pose a threat to the entity (e.g., computer viruses, or the like). Accordingly, identifying potentially malicious emails is an important function in any entity. However, the sheer volume of emails to consider and evaluate also makes this task, when performed using conventional systems, slow, inefficient, and leaves the entity prone to risk from the potentially malicious emails.